From a0454b8aff90fae952000eea5da51056969393c6 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Wed, 18 Sep 2019 14:52:36 +0200
Subject: [PATCH] Detect TLS connections

---
 src/dns.rs | 2 +-
 src/main.rs | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/dns.rs b/src/dns.rs
index 1cfa7d5..206b328 100644
--- a/src/dns.rs
+++ b/src/dns.rs
@@ -6,7 +6,7 @@ use byteorder::{BigEndian, ByteOrder, WriteBytesExt};
 pub const DNS_MAX_HOSTNAME_SIZE: usize = 256;
 pub const DNS_HEADER_SIZE: usize = 12;
 pub const DNS_OFFSET_FLAGS: usize = 2;
-pub const DNS_MAX_PACKET_SIZE: usize = 8192;
+pub const DNS_MAX_PACKET_SIZE: usize = 0x1600;
 const DNS_MAX_INDIRECTIONS: usize = 16;
 const DNS_FLAGS_TC: u16 = 2u16 << 8;
diff --git a/src/main.rs b/src/main.rs
index a8a680f..daf747e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -262,6 +262,7 @@ async fn tcp_acceptor(globals: Arc, tcp_listener: TcpListener) -> Resul
 let mut binlen = [0u8, 0];
 client_connection.read_exact(&mut binlen).await?;
 let packet_len = BigEndian::read_u16(&binlen) as usize;
+ ensure!(packet_len != 0x1603, "TLS traffic");
 ensure!(
 (DNS_HEADER_SIZE..=DNSCRYPT_TCP_QUERY_MAX_SIZE).contains(&packet_len),
 "Unexpected query size"
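Review bot: The new value `0x1600` for `DNS_MAX_PACKET_SIZE` in src/dns.rs is unexplained. It looks chosen so that no valid length prefix can equal the `0x1603` value tested in `tcp_acceptor`, but nothing at the constant says so. A comment such as `// Kept below 0x1603 (TLS record type 0x16, version major 0x03) so a TLS handshake prefix is never a valid packet length` would keep a later edit from silently breaking that relationship. The change also lowers the limit from 8192 to 5632 bytes for every user of the constant, not only the TCP length check; those users are outside this hunk, so it is worth confirming that none of them relies on the larger size.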
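Review bot: The literal `0x1603` in the added `ensure!` in `tcp_acceptor` is a magic number; a named constant would make the intent reviewable, for example `const TLS_HANDSHAKE_PREFIX: usize = 0x1603; // TLS record header: type 0x16 (handshake), version major 0x03`. If `DNSCRYPT_TCP_QUERY_MAX_SIZE` (defined outside this hunk) is already below `0x1603`, the range check that follows would reject the same value, so the new line changes only the error text. If that is the intent, a short comment should say so, since the separate "TLS traffic" message is what lets an operator tell misdirected TLS clients from malformed queries in the logs. The body of `tcp_acceptor` starts and ends outside the hunk.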